Email verification for Enterprise users

markd · August 22, 2019, 1:22pm

Welcome to the Community! If the identity provider is an OIDC provider (e.g., Google), you should get email_verified in the security token from the provider. If it is a SAML provider, you have a couple options:

Have the provider add an email_verified claim to the SAML assertion,
Map some other value to email_verified.

We went with the second option. From what I can tell, because email_verified is a boolean, you can map any truthy value to it. For example, we are mapping the nameidentifier field to email_verified:

{
    "user_id": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
    "email_verified": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
}

We know our 3rd party provider will always provide a valid nameidentifier, which in this case happens to be the user’s email address, so by mapping that string to email_verified, we get email_verified set to true at account creation time. I am submitting feedback to Auth0 to allow us to edit email_verified for Enterprise users.

Topic		Replies	Views
Enterprise mapping to deafult value Help sso , enterprise	5	4737	October 1, 2019
Set email_verified to true for SAML based enterprise users? Help saml , verification-email , email-verification	1	3986	May 12, 2021
Setting email_verified flag for SAML connection Feedback	1	722	September 26, 2023
Error "The user's main connection does not support this operation" when Sending Email Verification Knowledge Articles	1	315	May 13, 2024
SAML users are required to verify their email Knowledge Articles	1	661	September 21, 2023

Email verification for Enterprise users

Related topics